浏览 41+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-5807 | Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations | HashiCorp | Vault | High | 7.5 | 2026-04-17 03:22:14 | Deep Dive |
| CVE-2026-4525 | Vault Token Leaked to Backends via Authorization: Bearer Passthrough Header | HashiCorp | Vault | High | 7.5 | 2026-04-17 03:00:48 | Deep Dive |
| CVE-2026-5052 | Vault Vulnerable to Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS | HashiCorp | Vault | Medium | 5.3 | 2026-04-17 02:55:25 | Deep Dive |
| CVE-2026-3605 | Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service | HashiCorp | Vault | High | 8.1 | 2026-04-17 02:44:42 | Deep Dive |
| CVE-2025-12044 | Vault Vulnerable to Denial of Service Due to Rate Limit Regression | HashiCorp | Vault | High | 7.5 | 2025-10-23 19:15:17 | Deep Dive |
| CVE-2025-11621 | Vault AWS auth method bypass due to AWS client cache | HashiCorp | Vault | High | 8.1 | 2025-10-23 19:08:55 | Deep Dive |
| CVE-2025-6203 | Vault unauthenticated denial of service through complex json payload | HashiCorp | Vault | High | 7.5 | 2025-08-28 19:36:10 | Deep Dive |
| CVE-2025-6013 | Vault LDAP MFA Enforcement Bypass When Using Username As Alias | HashiCorp | Vault | Medium | 6.5 | 2025-08-06 10:06:56 | Deep Dive |
| CVE-2025-6015 | Vault Login MFA Bypass of Rate Limiting and TOTP Code Reuse | HashiCorp | Vault | Medium | 5.7 | 2025-08-01 18:03:53 | Deep Dive |
| CVE-2025-6011 | Timing Side-Channel in Vault’s Userpass Auth Method | HashiCorp | Vault | Low | 3.7 | 2025-08-01 18:00:25 | Deep Dive |
| CVE-2025-6004 | Vault Userpass and LDAP User Lockout Bypass | HashiCorp | Vault | Medium | 5.3 | 2025-08-01 17:56:01 | Deep Dive |
| CVE-2025-6037 | Vault Certificate Auth Method Did Not Validate Common Name For Non-CA Certificates | HashiCorp | Vault | Medium | 6.8 | 2025-08-01 17:52:49 | Deep Dive |
| CVE-2025-6014 | Vault TOTP Secrets Engine Code Reuse | HashiCorp | Vault | Medium | 6.5 | 2025-08-01 17:50:09 | Deep Dive |
| CVE-2025-6000 | Arbitrary Remote Code Execution via Plugin Catalog Abuse | HashiCorp | Vault | Critical | 9.1 | 2025-08-01 17:40:49 | Deep Dive |
| CVE-2025-5999 | Vault Root Namespace Operator May Elevate Token Privileges | HashiCorp | Vault | High | 7.2 | 2025-08-01 17:38:58 | Deep Dive |
| CVE-2025-4656 | Vault Vulnerable to Recovery Key Cancellation Denial of Service | HashiCorp | Vault | Low | 3.1 | 2025-06-25 16:15:12 | Deep Dive |
| CVE-2025-3879 | Vault’s Azure Authentication Method bound_location Restriction Could be Bypassed on Login | HashiCorp | Vault | Medium | 6.6 | 2025-05-02 16:15:11 | Deep Dive |
| CVE-2025-4166 | Vault May Include Sensitive Data in Error Logs When Using the KV v2 Plugin | HashiCorp | Vault | Medium | 4.5 | 2025-05-02 14:57:59 | Deep Dive |
| CVE-2024-8185 | Vault Vulnerable to Denial of Service When Processing Raft Join Requests | HashiCorp | Vault | High | 7.5 | 2024-10-31 15:14:55 | Deep Dive |
| CVE-2024-9180 | Vault Operators in Root Namespace May Elevate Their Privileges | HashiCorp | Vault | High | 7.2 | 2024-10-10 20:54:57 | Deep Dive |